Comments on proposed ISBE rule for SOPPA

In 2019, the IL General Assembly passed Public Act 101-516, an update to the Student Online Personal Protection Act (SOPPA). It will go into effect on July 1, 2021. When a law is passed, often a state agency adopts new rules or regulations to help implement the law. In this case, the IL State Board of Ed (ISBE) proposed a new rule for SOPPA. We submitted a comment about the rule which you can read here.

The amendment to SOPPA, one of the most far-reaching student data protection laws in the country, was an initiative of IL Families for Public Schools. The original version of SOPPA prohibited some commercial exploitation of student data, but parents weren't at the table when it was written and did not feel it went far enough.

The amended SOPPA will provide much greater transparency and control to parents on how schools, vendors and the Illinois State Board of Education (ISBE) are collecting and using data from public school students from preschool through 12th grade. You can read more about it here. Importantly, SOPPA will now give parents the right and ability to inspect and review, request copies, request corrections and request deletions of their child's personal information, no matter who it is held by---a school, a non-profit or a vendor---or what format it is in.

We at IL-FPS are concerned, however, about Section 380.20(d) of the proposed rule. It would restrict parent requests for copies of their child's data made under SOPPA to once per fiscal quarter.

We understand that schools or districts might be nervous that parents will make a burdensome amounts of requests under the new law.

However, while we don't think that parents typically will need to make requests more than that, there may be some special circumstances that require it---dealing with identity theft, confirming the deletion of sensitive data, etc.

In addition, there are long-standing student privacy laws that have no restrictions on how often records may be requested, the federal Family Educational Rights and Privacy Act (FERPA) and the Illinois School Student Records Act (ISSRA). In 45 years the volume of requests hasn't been a problem under FERPA or ISSRA. The goal in amending SOPPA was to align how digital data is treated with existing student privacy laws, not to make things more complicated for parents and schools. Like the law, the rules for SOPPA should make it easier for parents to know what's happening to their children’s information in public school, not harder.